/*jadclipse*/// Decompiled by Jad v1.5.8e2. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://kpdus.tripod.com/jad.html
// Decompiler options: packimports(3) radix(10) lradix(10) 
// Source File Name:   UsernamePasswordAuthenticationFilter.java

package security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.TextEscapeUtils;
import org.springframework.util.Assert;


public class UserPwdCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter
{

    public UserPwdCodeAuthenticationFilter()
    {
        super("/j_spring_security_check");
        usernameParameter = "j_username";
        passwordParameter = "j_password";
        verifycodeParameter = "j_verifycode";
        postOnly = true;
    }

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException
    {
        if(postOnly && !request.getMethod().equals("POST"))
            throw new AuthenticationServiceException((new StringBuilder()).append("Authentication method not supported: ").append(request.getMethod()).toString());
       	checkValidateCode(request);  
        String username = obtainUsername(request);
        String password = obtainPassword(request);
        if(username == null)
            username = "";
        if(password == null)
            password = "";
        username = username.trim();
        return myAuthMethod(request,response,username,password);
    }
    
    /**
     * 自定义认证方法
     * @param request
     * @param response
     * @param username
     * @param password
     * @return
     */
    public Authentication myAuthMethod(HttpServletRequest request, HttpServletResponse response,String username,String password){
    	UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
        setDetails(request, authRequest);
        Authentication auth = getAuthenticationManager().authenticate(authRequest);
        return auth;
    }
    protected String obtainPassword(HttpServletRequest request)
    {
        return request.getParameter(passwordParameter);
    }

    protected String obtainUsername(HttpServletRequest request)
    {
        return request.getParameter(usernameParameter);
    }

    protected String obtainVerifycode(HttpServletRequest request)
    {
        return request.getParameter(verifycodeParameter);
    }
    
    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)
    {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }

    public void setUsernameParameter(String usernameParameter)
    {
        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
        this.usernameParameter = usernameParameter;
    }

    public void setPasswordParameter(String passwordParameter)
    {
        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
        this.passwordParameter = passwordParameter;
    }
    
    public void setVerifycodeParameter(String verifycodeParameter)
    {
        Assert.hasText(verifycodeParameter, "Password parameter must not be empty or null");
        this.verifycodeParameter = verifycodeParameter;
    }

    public void setPostOnly(boolean postOnly)
    {
        this.postOnly = postOnly;
    }

    public final String getUsernameParameter()
    {
        return usernameParameter;
    }

    public final String getPasswordParameter()
    {
        return passwordParameter;
    }
    
    public final String getVerifycodeParameter()
    {
        return verifycodeParameter;
    }
    
    protected void checkValidateCode(HttpServletRequest request) {  
    	String sessionVerifyCode = obtainVerifycode(request);  
    	if (null == sessionVerifyCode || !common.impl.VerifyCode.getInstance().check(request, sessionVerifyCode)) {  
    		throw new AuthenticationServiceException(messages.getMessage("Verifycode.notequal"));  
    	}  
    }  
    
    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
    public static final String SPRING_SECURITY_FORM_VERIFYCODE_KEY = "j_verifycode";
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
    private String usernameParameter;
    private String passwordParameter;
    private String verifycodeParameter;
    private boolean postOnly;
}


